Introduction
Creating test material for computer forensic teaching or tool testing purposes has been a known problem. I encountered the issue in my studies of Computer Forensics at the University of Westminster. We were assigned a task to compare computer … Read more
File and directory timestamps are one of the resources forensic analysts use for determining when something happened, or in what particular order a sequence of events took place. As these timestamps usually are stored in some internal format, additional … Read more
First published October 2009
Recovering deleted NTFS-compressed files
By Joachim Metz
Hoffmann Investigations
www.hoffmannbv.nl
1.0 Joachim Metz September 2, 2009 Initial version.
An important part of digital forensic investigation is the recovery of data, particulary files. The recovery of
First published October 2009
Adam Hurwitz
[email protected]
Business Intelligence Associates, Inc.
39 Broadway, NYC, NY 10006
NTFS is structured so that there can be a physical separation of the data that comprises a file and the properties or metadata
First published July 2006
by Chetan Gupta
NII Consulting, Mumbai
www.niiconsulting.com
First published January 2006
Cheong Kai Wee
Edith Cowan University
[email protected]
Abstract
Criminals with sensitive information such as crime records tend to hide/encrypt this information so that even if their computers are collected by police department, there is no evidence … Read more